Join Steve Townsley, and Richard Gold, for discussions about information security topics from both the offensive and defensive viewpoints. In this podcast, Steve and Richard dissect reports, review the news, and interrogate data breaches. Always with an eye on what defenders can learn from them.
Language
🇺🇲
Publishing Since
5/20/2024
Email Addresses
0 available
Phone Numbers
0 available
June 17, 2024
<p>In 2017 the ShadowBrokers group leaked information stolen from the NSA. Within the leak was evidence that the NSA had compromised a SWIFT bureau in the Middle East called EastNets, probably so that they could gather financial intelligence.</p> <p>The leak gives an unprecedented insight into how a sophisticated actor like the NSA operates.</p> <p>In this episode, we talk about the operation, as well as the advice the NSA has publicly given on how organisations can improve their security. The advice is from the former head of the NSA's Tailored Access Operations (TAO), their most elite offensive security team, and potentially the folks responsible for the EastNets. </p> <p>Link to the ShadowBrokers leak: <a href='https://github.com/DonnchaC/shadowbrokers-exploits/tree/master'>https://github.com/DonnchaC/shadowbrokers-exploits/tree/master</a></p> <p>Blog explaining the breach: <a href='https://medium.com/comae/the-nsa-compromised-swift-network-50ec3000b195'>https://medium.com/comae/the-nsa-compromised-swift-network-50ec3000b195</a></p> <p>NSA advice on how to be secure: <a href='https://www.youtube.com/watch?v=bDJb8WOJYdA'>https://www.youtube.com/watch?v=bDJb8WOJYdA</a></p> <p> </p>
June 8, 2024
<p>Back in 2015 the offensive security company Hacking Team were compromised by the vigilante hacker Phineas Fisher. Helpfully, Phineas Fisher shared a full description of how they completed the attack, and it's rich in detail for both red and blue teamers. In this episode, we discuss that report.</p> <p>To read the original report by Phineas Fisher, see here: https://gitlab.com/brn1337/phineas-fisher-collection/-/blob/master/2015_HackingTeam.txt?ref_type=heads</p>
June 3, 2024
<p>In this episode we discuss the 2024 CrowdStrike Global Threat Report. We dig into the key themes that CrowdStrike have identified, and explore what lessons there are for defenders. As always, we consider the offensive and the defensive sides.</p> <p>The report can be downloaded here: https://www.crowdstrike.com/global-threat-report/</p> <p>Steve has a LinkedIn article discussing it here: https://www.linkedin.com/pulse/wheres-information-security-going-2024-review-global-steve-townsley-8iole/</p>
Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.
All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.
We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.
While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at [email protected] for prompt review and appropriate action, which may include content removal or proper attribution.
By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.